JVM TCB: Measurements of the Trusted Computing Base of Java Virtual Machines

Report ID: TR-647-02

---

Author: Wang, Daniel C. / Appel, Andrew W.

---

Date: 2002-04-00

---

Pages: 4

---

Download Formats: |PDF| |Postscript|

---

Abstract:

The trusted computing base (TCB) of a Java virtual machine (JVM) is the part of the program code in which programming bugs could lead to security holes. Java systems keep the front end compiler (which translates source code to byte code) out of the TCB, by having the JVM verify the safety of the byte code before just-in-time (JIT) compiling it to machine code. Still, the JIT compiler itself is usually in the TCB, and the more lines of code in the TCB, the more likelihood of security problems. We have measured the TCB size of several JVMs, and find that they range from 36,000 to 229,000 lines of source code.